Please be aware that your MtGox account is _STILL_ at risk and that although it is not MtGox's fault, you should ASAP change all of your email addresses and passwords to new, non-guessable entries so that your MtGox account won't be hacked/stolen.

Edit: This email with 100% certainty arrived at the NEW email address I entered on the claims page. So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party (option A), but someone else's mail (option B), then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

Please be aware that your MtGox account is _STILL_ at risk and that although it is not MtGox's fault, you should ASAP change all of your email addresses and passwords to new, non-guessable entries so that your MtGox account won't be hacked/stolen.

Even if it were real it doesn't count as hacking... and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.

My point was to warn people to change the password to their email accounts if they haven't done so already. I'm aware that anyone who had one of the leaked lists could just mass-request password recovery via either username or email account; that's kind of what I am saying in the first place.

--I like the part where the community's first reaction to someone trying to spare some people a loss of their account is "LULZ" and "BLahrblerpyeawhatever".

This is merely a phishing email. DO NOT RESPOND TO IT. Your email address was leaked earlier, people are playing with you.

DO NOT FOLLOW ANY DIRECTIONS IN THE EMAIL.

You had me going for a second there... but no, this email arrived to the NEW address that I added AFTER the claim/reset page.

So either that got leaked, or it was indeed a password reset attempt.

It'd be nice if they'd put announcements on MtGox notifying users of this sort of thing.

They did say this more than a week ago: "DO NOT DOWNLOAD ANYTHING

If you receive ANY email which seems coming from Mt.Gox asking you to download something (certificate, generating program, etc), DO NOT DOWNLOAD. Do not either input your password on any site which is not MTGOX.COM."

The mail simply said to report back to them if this request was made fraudulently and listed the IP address of the guy who tried it => the one I posted in the OP.

Maybe someone could get an official comment and see whether Mt.Gox@w001.mo.us.xta.net is a "proper" MtGox email address / domain or fake, too.

Who cares if people can do mass recovery though, since they can't access your e-mail it doesn't do anything? That's why all those e-mails just say if you didn't request to reset your password just delete the e-mail. Not exactly a big security flaw.

Even if it were real it doesn't count as hacking... and I can't see you being at much risk considering all you need is a user name or e-mail to initiate a password recovery.

I like the part where the community's first reaction to someone trying to spare some people a loss of their account is "LULZ" and "BLahrblerpyeawhatever".

And I thought I was a troll to the BTC userbase.

I like the part where you make unsubstantiated fear mongering claims in the topic title in all caps then reiterate something everyone on here already knows and has read 100's of times this past week "change your password".

Who cares if people can do mass recovery though, since they can't access your e-mail it doesn't do anything? That's why all those e-mails just say if you didn't request to reset your password just delete the e-mail. Not exactly a big security flaw.

Okay, I admit, I put this OP and thread in simple and broad enough terms.

What I was saying was: If your old email password is still the same as it was before reclaiming your account, change it.

If you did not, you are still at risk of whoever may have gotten into your MtGox possibly also having your email password (if, for example, you used the same one for MtGox or it got bruteforced/guessed then already).

Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

Again, I love how the common reaction is "Fuck you for trying to prevent theft and warning people".

No the common reaction is "Fuck you for fearmongering". Obviously everyone should be using a new password. Mt. Gox themselves made that pretty clear on top of it being common sense. But "WARNING - MTGOX HACKING CONTINUES READ INSIDE NOW" is a fearmongering title, plain and simple. That's why people reacted the way they did.

This email with 100% certainty arrived at the NEW email address I entered on the claims page. So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party, but someone else's mail, then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.

--------

As for fearmongering: I still have my MtGox account, I still have my BTC in there and I still have my money in there.

I don't see why I would be or should be fearmongering, let alone what good it would be to me, personally. So WTF people.

It's a warning. It says warning. That's what it is supposed to be. If warning someone causes fear instead of awareness then that's up to the person receiving the warning.

I tried to lay out what's happening. I made a suggestion for safety. I did not suggest panicking, selling all BTC and closing the account.

This email with 100% certainty arrived at the NEW email address I entered on the claims page. So if this is NOT a valid MtGox E-Mail to warn me of a malicious password recovery attempt by a third party, but someone else's mail, then the NEW email / email database must have gotten out somehow, which in turn would have other implications.

The mail I supplied is solely in use for MtGox.

--------

See now that's highly important information that should have been included in the original post.

See now that's highly important information that should have been included in the original post.

No I think our time would be much better spent with every single contribution other than mine basically trying to negatively sanction any attempts at rooting out risks towards real money, BTC and accounts while I get my mind boggled by that some more.